Hello

Allow-query is only allowed for specified IP defined in the allow-query statement.

Regards
Daniel

-----Original Message-----
From: bind-users-boun...@lists.isc.org [mailto:bind-users-boun...@lists.isc.org] On Behalf Of Matus UHLAR - fantomas
Sent: Monday, January 19, 2015 5:21 PM
To: bind-users@lists.isc.org
Subject: Re: reject invalid dns queries

On 19.01.15 16:14, Daniel Dawalibi wrote:
>Invalid DNS queries : non-existent domains that do not resolve to any
>IP as mentioned in the below example.

you should better not use this definition.

>We are trying to protect our DNS servers from a number of invalid dns
>queries targeting our caching server and originated from different
>source IPs. Is there any way to drop these requests based on the
>Query Access list from the DNS configuration file (named.conf)?

you can NOT know if a hostname exists before you try to resolve it.
After that, you can't block it anymore.

do you allow recursion for remote clients?
(recursion and allow-recursion statements)

Do you allow DNS access from remote clients?
(allow-query statement)

Perhaps denying remote clients from even accessing your caching server would help you with this problem.

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
10 GOTO 10 : REM (C) Bill Gates 1998, All Rights Reserved!
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
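
The statements named in the thread (recursion, allow-recursion, allow-query), shown as a named.conf fragment with the open setting beside the restricted one. This is an added example, not configuration posted by anyone in the thread; the ACL name `trusted_clients` and the addresses are assumptions, and `allow-query-cache` is a BIND option the thread does not mention.

```conf
// Added example. ACL name and networks are constructed placeholders.
acl trusted_clients {
    127.0.0.1;
    192.0.2.0/24;        // replace with the networks your clients live in
};

options {
    // Open caching server, the case the reply asks about:
    //   recursion yes;
    //   allow-query     { any; };
    //   allow-recursion { any; };
    // Any source IP can make the server recurse for arbitrary names,
    // including names that will never resolve.

    // Restricted caching server: only listed clients are served.
    recursion yes;
    allow-query       { trusted_clients; };   // who may ask anything at all
    allow-recursion   { trusted_clients; };   // who may trigger recursion
    allow-query-cache { trusted_clients; };   // who may read cached answers
};
```

Clients outside the ACL are answered with REFUSED rather than silently dropped, and the ACL is matched on source address, not on the queried name. `named-checkconf` validates the syntax before a reload.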